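{-# LINE 1 "OpenSSL/X509.hsc" #-}
{- -*- haskell -*- -}
{-# LINE 2 "OpenSSL/X509.hsc" #-}

{-# OPTIONS_HADDOCK prune #-}

-- |An interface to X.509 certificate.

module OpenSSL.X509
    ( -- * Type
      X509
    , X509_

      -- * Functions to manipulate certificate
    , newX509
    , wrapX509 -- private
    , withX509Ptr -- private
    , withX509Stack -- private
    , unsafeX509ToPtr -- private
    , touchX509 -- private

    , compareX509

    , signX509
    , verifyX509

    , printX509

      -- * Accessors
    , getVersion
    , setVersion

    , getSerialNumber
    , setSerialNumber

    , getIssuerName
    , setIssuerName

    , getSubjectName
    , setSubjectName

    , getNotBefore
    , setNotBefore

    , getNotAfter
    , setNotAfter

    , getPublicKey
    , setPublicKey

    , getSubjectEmail
    )
    where

import           Control.Exception (bracket, evaluate)
import           Control.Monad
import           Data.Time.Clock
import           Data.Maybe
import           Foreign
import           Foreign.C
import           OpenSSL.ASN1
import           OpenSSL.BIO
import           OpenSSL.EVP.Digest hiding (digest)
import           OpenSSL.EVP.PKey
import           OpenSSL.EVP.Verify
import           OpenSSL.Utils
import           OpenSSL.Stack
import           OpenSSL.X509.Name

-- |@'X509'@ is an opaque object that represents X.509 certificate.
newtype X509  = X509 (ForeignPtr X509_)
data    X509_


-- Raw C bindings. Every one of them is imported @unsafe@. The symbols
-- prefixed with HsOpenSSL_ are not plain OpenSSL names; presumably they
-- are C helpers shipped with this package (not visible in this file).

foreign import ccall unsafe "X509_new"
        _new :: IO (Ptr X509_)

-- Address of X509_free, used as the ForeignPtr finalizer in 'wrapX509'.
foreign import ccall unsafe "&X509_free"
        _free :: FunPtr (Ptr X509_ -> IO ())

foreign import ccall unsafe "X509_print"
        _print :: Ptr BIO_ -> Ptr X509_ -> IO CInt

foreign import ccall unsafe "X509_cmp"
        _cmp :: Ptr X509_ -> Ptr X509_ -> IO CInt

foreign import ccall unsafe "HsOpenSSL_X509_get_version"
        _get_version :: Ptr X509_ -> IO CLong

foreign import ccall unsafe "X509_set_version"
        _set_version :: Ptr X509_ -> CLong -> IO CInt

foreign import ccall unsafe "X509_get_serialNumber"
        _get_serialNumber :: Ptr X509_ -> IO (Ptr ASN1_INTEGER)

foreign import ccall unsafe "X509_set_serialNumber"
        _set_serialNumber :: Ptr X509_ -> Ptr ASN1_INTEGER -> IO CInt

foreign import ccall unsafe "X509_get_issuer_name"
        _get_issuer_name :: Ptr X509_ -> IO (Ptr X509_NAME)

foreign import ccall unsafe "X509_set_issuer_name"
        _set_issuer_name :: Ptr X509_ -> Ptr X509_NAME -> IO CInt

foreign import ccall unsafe "X509_get_subject_name"
        _get_subject_name :: Ptr X509_ -> IO (Ptr X509_NAME)

foreign import ccall unsafe "X509_set_subject_name"
        _set_subject_name :: Ptr X509_ -> Ptr X509_NAME -> IO CInt

foreign import ccall unsafe "HsOpenSSL_X509_get_notBefore"
        _get_notBefore :: Ptr X509_ -> IO (Ptr ASN1_TIME)

foreign import ccall unsafe "X509_set_notBefore"
        _set_notBefore :: Ptr X509_ -> Ptr ASN1_TIME -> IO CInt

foreign import ccall unsafe "HsOpenSSL_X509_get_notAfter"
        _get_notAfter :: Ptr X509_ -> IO (Ptr ASN1_TIME)

foreign import ccall unsafe "X509_set_notAfter"
        _set_notAfter :: Ptr X509_ -> Ptr ASN1_TIME -> IO CInt

foreign import ccall unsafe "X509_get_pubkey"
        _get_pubkey :: Ptr X509_ -> IO (Ptr EVP_PKEY)

foreign import ccall unsafe "X509_set_pubkey"
        _set_pubkey :: Ptr X509_ -> Ptr EVP_PKEY -> IO CInt

foreign import ccall unsafe "X509_get1_email"
        _get1_email :: Ptr X509_ -> IO (Ptr STACK)

foreign import ccall unsafe "X509_email_free"
        _email_free :: Ptr STACK -> IO ()

foreign import ccall unsafe "X509_sign"
        _sign :: Ptr X509_ -> Ptr EVP_PKEY -> Ptr EVP_MD -> IO CInt

foreign import ccall unsafe "X509_verify"
        _verify :: Ptr X509_ -> Ptr EVP_PKEY -> IO CInt


-- |@'newX509'@ creates an empty certificate. You must set the
-- following properties and sign it (see 'signX509') to actually
-- use the certificate.
--
--   [/Version/] See 'setVersion'.
--
--   [/Serial number/] See 'setSerialNumber'.
--
--   [/Issuer name/] See 'setIssuerName'.
--
--   [/Subject name/] See 'setSubjectName'.
--
--   [/Validity/] See 'setNotBefore' and 'setNotAfter'.
--
--   [/Public Key/] See 'setPublicKey'.
--
newX509 :: IO X509
newX509 = _new >>= failIfNull >>= wrapX509


wrapX509 :: Ptr X509_ -> IO X509
-- Takes ownership of the raw pointer: X509_free is attached as the
-- finalizer, so nothing else may free the same pointer afterwards.
wrapX509 x509Ptr = newForeignPtr _free x509Ptr >>= return . X509


withX509Ptr :: X509 -> (Ptr X509_ -> IO a) -> IO a
-- Runs the action with the raw pointer; withForeignPtr keeps the
-- certificate alive only until the action returns, so the pointer must
-- not be kept beyond it.
withX509Ptr (X509 x509) = withForeignPtr x509


withX509Stack :: [X509] -> (Ptr STACK -> IO a) -> IO a
-- Delegates to withForeignStack (defined in OpenSSL.Stack, not visible
-- here), handing it the two helpers below.
withX509Stack = withForeignStack unsafeX509ToPtr touchX509


unsafeX509ToPtr :: X509 -> Ptr X509_
-- The result is valid only while the X509 value is still reachable;
-- callers are expected to pair it with 'touchX509'.
unsafeX509ToPtr (X509 x509) = unsafeForeignPtrToPtr x509


touchX509 :: X509 -> IO ()
touchX509 (X509 x509) = touchForeignPtr x509


-- |@'compareX509' cert1 cert2@ compares two certificates.
compareX509 :: X509 -> X509 -> IO Ordering
-- Only the sign of the X509_cmp result is used. The ordering says
-- nothing about whether either certificate is valid or trusted.
compareX509 cert1 cert2
    = withX509Ptr cert1 $ \ cert1Ptr ->
      withX509Ptr cert2 $ \ cert2Ptr ->
      _cmp cert1Ptr cert2Ptr >>= return . interpret
    where
      interpret :: CInt -> Ordering
      interpret n
          | n > 0     = GT
          | n < 0     = LT
          | otherwise = EQ


-- |@'signX509'@ signs a certificate with an issuer private key.
signX509 :: KeyPair key =>
            X509         -- ^ The certificate to be signed.
         -> key          -- ^ The private key to sign with.
         -> Maybe Digest -- ^ A hashing algorithm to use. If @Nothing@
                         --   the most suitable algorithm for the key
                         --   is automatically used.
         -> IO ()
-- NOTE(review): with Nothing the digest is whatever pkeyDefaultMD
-- returns for this key type; that choice is made outside this file.
-- Callers with a digest policy should pass Just explicitly.
signX509 x509 key mDigest
    = withX509Ptr x509 $ \ x509Ptr ->
      withPKeyPtr' key $ \ pkeyPtr ->
      do digest <- case mDigest of
                     Just md -> return md
                     Nothing -> pkeyDefaultMD key
         -- A result of 0 from X509_sign is treated as failure.
         _ <- withMDPtr digest $ \ digestPtr ->
                  _sign x509Ptr pkeyPtr digestPtr
                       >>= failIf (== 0)
         return ()


-- |@'verifyX509'@ verifies a signature of certificate with an issuer
-- public key.
--
-- Only the signature is checked against the given key. The validity
-- period, the issuer chain, revocation and name matching are not
-- examined here, so 'VerifySuccess' alone does not mean that the
-- certificate is trusted.
verifyX509 :: PublicKey key =>
              X509 -- ^ The certificate to be verified.
           -> key  -- ^ The public key to verify with.
           -> IO VerifyStatus
verifyX509 x509 key
    = withX509Ptr x509 $ \ x509Ptr ->
      withPKeyPtr' key $ \ pkeyPtr ->
      _verify x509Ptr pkeyPtr
           >>= interpret
    where
      -- 1 is a good signature and 0 a bad one; every other result is
      -- raised as an OpenSSL error instead of being mapped to a status.
      interpret :: CInt -> IO VerifyStatus
      interpret 1 = return VerifySuccess
      interpret 0 = return VerifyFailure
      interpret _ = raiseOpenSSLError


-- |@'printX509' cert@ translates a certificate into human-readable
-- format.
printX509 :: X509 -> IO String
printX509 x509
    = do mem <- newMem
         -- X509_print writes into the memory BIO; anything but 1 fails.
         _ <- withX509Ptr x509 $ \ x509Ptr ->
                  withBioPtr mem $ \ memPtr ->
                      _print memPtr x509Ptr
                           >>= failIf (/= 1)
         bioRead mem


-- |@'getVersion' cert@ returns the version number of certificate. It
-- seems the number is 0-origin: version 2 means X.509 v3.
getVersion :: X509 -> IO Int
getVersion x509
    = withX509Ptr x509 $ \ x509Ptr ->
      liftM fromIntegral $ _get_version x509Ptr


-- |@'setVersion' cert ver@ updates the version number of certificate.
setVersion :: X509 -> Int -> IO ()
-- The value is handed to X509_set_version as given; no range check is
-- made on this side.
setVersion x509 ver
    = withX509Ptr x509 $ \ x509Ptr ->
      _set_version x509Ptr (fromIntegral ver)
           >>= failIf (/= 1)
           >>  return ()


-- |@'getSerialNumber' cert@ returns the serial number of certificate.
getSerialNumber :: X509 -> IO Integer
-- The ASN1_INTEGER pointer is read inside withX509Ptr and is not freed
-- here.
getSerialNumber x509
    = withX509Ptr x509 $ \ x509Ptr ->
      _get_serialNumber x509Ptr
           >>= peekASN1Integer


-- |@'setSerialNumber' cert num@ updates the serial number of
-- certificate.
setSerialNumber :: X509 -> Integer -> IO ()
setSerialNumber x509 serial
    = withX509Ptr x509 $ \ x509Ptr ->
      withASN1Integer serial $ \ serialPtr ->
      _set_serialNumber x509Ptr serialPtr
           >>= failIf (/= 1)
           >>  return ()


-- |@'getIssuerName'@ returns the issuer name of certificate.
getIssuerName :: X509 -- ^ The certificate to examine.
              -> Bool -- ^ @True@ if you want the keys of each parts
                      --   to be of long form (e.g. \"commonName\"),
                      --   or @False@ if you don't (e.g. \"CN\").
              -> IO [(String, String)] -- ^ Pairs of key and value,
                                       -- for example \[(\"C\",
                                       -- \"JP\"), (\"ST\",
                                       -- \"Some-State\"), ...\].
getIssuerName x509 wantLongName
    = withX509Ptr x509 $ \ x509Ptr ->
      do namePtr <- _get_issuer_name x509Ptr
         peekX509Name namePtr wantLongName


-- |@'setIssuerName' cert name@ updates the issuer name of
-- certificate. Keys of each parts may be of either long form or short
-- form. See 'getIssuerName'.
setIssuerName :: X509 -> [(String, String)] -> IO ()
setIssuerName x509 issuer
    = withX509Ptr x509 $ \ x509Ptr ->
      withX509Name issuer $ \ namePtr ->
      _set_issuer_name x509Ptr namePtr
           >>= failIf (/= 1)
           >>  return ()


-- |@'getSubjectName' cert wantLongName@ returns the subject name of
-- certificate. See 'getIssuerName'.
getSubjectName :: X509 -> Bool -> IO [(String, String)]
getSubjectName x509 wantLongName
    = withX509Ptr x509 $ \ x509Ptr ->
      do namePtr <- _get_subject_name x509Ptr
         peekX509Name namePtr wantLongName


-- |@'setSubjectName' cert name@ updates the subject name of
-- certificate. See 'setIssuerName'.
setSubjectName :: X509 -> [(String, String)] -> IO ()
setSubjectName x509 subject
    = withX509Ptr x509 $ \ x509Ptr ->
      withX509Name subject $ \ namePtr ->
      _set_subject_name x509Ptr namePtr
           >>= failIf (/= 1)
           >>  return ()


-- |@'getNotBefore' cert@ returns the time when the certificate begins
-- to be valid.
getNotBefore :: X509 -> IO UTCTime
getNotBefore x509
    = withX509Ptr x509 $ \ x509Ptr ->
      _get_notBefore x509Ptr
           >>= peekASN1Time


-- |@'setNotBefore' cert utc@ updates the time when the certificate
-- begins to be valid.
setNotBefore :: X509 -> UTCTime -> IO ()
setNotBefore x509 utc
    = withX509Ptr x509 $ \ x509Ptr ->
      withASN1Time utc $ \ time ->
      _set_notBefore x509Ptr time
           >>= failIf (/= 1)
           >>  return ()


-- |@'getNotAfter' cert@ returns the time when the certificate
-- expires.
getNotAfter :: X509 -> IO UTCTime
getNotAfter x509
    = withX509Ptr x509 $ \ x509Ptr ->
      _get_notAfter x509Ptr
           >>= peekASN1Time


-- |@'setNotAfter' cert utc@ updates the time when the certificate
-- expires.
setNotAfter :: X509 -> UTCTime -> IO ()
setNotAfter x509 utc
    = withX509Ptr x509 $ \ x509Ptr ->
      withASN1Time utc $ \ time ->
      _set_notAfter x509Ptr time
           >>= failIf (/= 1)
           >>  return ()


-- |@'getPublicKey' cert@ returns the public key of the subject of
-- certificate.
getPublicKey :: X509 -> IO SomePublicKey
-- fromPKey yields a Maybe. The fromJust is forced with evaluate so that
-- a Nothing fails inside this action, where the caller can catch it,
-- instead of surfacing later when the returned key is first used.
getPublicKey x509
    = withX509Ptr x509 $ \ x509Ptr ->
      _get_pubkey x509Ptr
           >>= failIfNull
           >>= wrapPKeyPtr
           >>= fromPKey
           >>= evaluate . fromJust


-- |@'setPublicKey' cert pubkey@ updates the public key of the subject
-- of certificate.
setPublicKey :: PublicKey key => X509 -> key -> IO ()
setPublicKey x509 key
    = withX509Ptr x509 $ \ x509Ptr ->
      withPKeyPtr' key $ \ pkeyPtr ->
      _set_pubkey x509Ptr pkeyPtr
           >>= failIf (/= 1)
           >>  return ()


-- |@'getSubjectEmail' cert@ returns every subject email addresses in
-- the certificate.
getSubjectEmail :: X509 -> IO [String]
-- bracket releases the stack from X509_get1_email with X509_email_free
-- even when reading the strings is interrupted by an exception.
-- peekCString stops at the first NUL byte, and the addresses are
-- supplied by the certificate, so treat them as untrusted input.
getSubjectEmail x509
    = withX509Ptr x509 $ \ x509Ptr ->
      bracket (_get1_email x509Ptr) _email_free (mapStack peekCString)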